Ponemon: SSL Inspection Not a Priority for Federal Agencies

The Director of National Intelligence recently warned that cyber issues have surpassed terrorism as the No. 1 threat facing the nation. You only have to read the latest headlines to understand how prevalent cyberattacks are in today’s connected world.

Federal agencies are no different from any other industry — experiencing an uptick over the past few years in attack activity that shows no signs of slowing. In 2015 alone there were 77,000 reported attacks on federal agencies.

Public sector victims
A recent study, “Hidden Threats in Encrypted Traffic: Industry Verticals,” by the Ponemon Institute, sponsored by A10 Networks, found that 77 percent of public sector respondents had been a victim of a cyberattack, cybercrime or malicious insider activity in the past 12 months.

Hackers, who may be sponsored by nation states with political intentions or criminal rings with financial motives, will likely continue to target federal agencies because the payoff can be big. A successful attack can take down public services, disrupt economic activity, or cripple competitive advantages on a wide scale, as well as steal valuable information on individual citizens.

In addition, a lack of basic measures has been making it easier than it should be for hackers to find a weak link. Congressional hearings held after some of the bigger breaches (e.g., IRS and OPM) found that the implementation of security measures, such as multi-factor authentication and encryption, could have slowed, if not entirely prevented, the incidents.

Encryption is a foundational tool in a federal agency’s arsenal to protect the integrity and privacy of sensitive data. It’s a best practice that can help keep data safe and make it more difficult for hackers to steal classified information.

Today, according to a new Ponemon Institute study, approximately 42 percent of an agency’s inbound Web traffic and 32 percent of its outbound traffic are encrypted. Public sector respondents indicated those percentages would likely increase to 43 percent and 35 percent, respectively, in the next year.

The Ponemon survey found that public sector respondents who indicated they had been attacked in the past 12 months believed that 43 percent of those attacks used encryption to evade detection.

Lack of SSL decryption, inspection
Unfortunately, while 93 percent of public sector respondents recognize that inspection of SSL traffic is “Important” to “Essential” to their agency’s overall security infrastructure, only 38 percent decrypt Web traffic to detect attacks, intrusions and malware. Of those who said they don’t decrypt, only 50 percent have plans to implement SSL decryption and inspection over the next 12 months.

As a result, many are not confident in their ability to protect against attackers using encrypted traffic to obscure their activity. 74 percent feel that compromised insider credentials, due to malware hiding inside encrypted SSL traffic, could cause a data breach within their agency. 64 percent are uncertain of their agency’s ability to prevent costly data breaches and loss of intellectual property by detecting SSL traffic that is malicious.

When probed on why they are not inspecting more encrypted traffic, respondents to the Ponemon survey cite lack of enabling security tools (57 percent), insufficient resources (42 percent), and performance degradation (39 percent). Independent tests show that most security devices experience an 80 percent performance degradation when they decrypt and re-encrypt traffic.

The problem is compounded by Elliptic Curve Cryptography (ECC), which is increasingly designated as the method of choice for Google and Apple. Many devices experience a 75 percent performance degradation over and above other SSL methods when ECC is used. As a result, agencies are often forced to decrypt only selectively or forgo decryption altogether to ensure ongoing availability of their overall infrastructure.

Scaling proven SSL inspection
What agencies need is a solution that enables them to scale SSL inspection to identify potential threats, without impacting the overall performance, productivity or availability of their information systems. Ponemon probed to identify the features that were most important to the public sector, which included a solution’s ability to:

Scale to meet current and future SSL performance demands – 89 percent

Securely manage SSL certificates and keys – 88 percent

Maximize the uptime and performance requirements of the overall capacity of the security infrastructure – 82 percent

Satisfy compliance requirements – 81 percent

Interoperate with a diverse set of security products from multiple vendors – 77 percent

Granularly parse and control traffic based on custom-defined policies – 76 percent


A10 Networks (NYSE: ATEN) is a leader in application networking and security, providing a range of high-performance application networking solutions that help organizations ensure that their data center applications and networks remain highly available, accelerated and secure. Founded in 2004, A10 Networks is based in San Jose, Calif., and serves customers globally with offices worldwide.